Ettercap versions 8.0 and 8.1 suffer from code execution and denial of service vulnerabilities.
c3b781745f88cbd862cea63d2dda4901f96f9929928278c03b1c679d2601df98Red Hat Security Advisory 2014-1998-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.
885c454e2df45f10d3dd5faa7793cbefdc2fe5c65b5a3e5121114ffc38dd334bRed Hat Security Advisory 2014-1999-01 - The mailx packages contain a mail user agent that is used to manage mail using scripts. A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. Note: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with "-". To counteract this issue, this update also introduces the "--" option, which will treat the remaining command line arguments as email addresses.
550a292aa61b5f7a074e345298a0cd0059f2754363fdcbd0de30b1f3ff6b3bc4Red Hat Security Advisory 2014-1997-01 - A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use either of these flaws to crash the system. A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.
9a42bc59092af16ac1038c9e5dce06d93b232fcce0c7a1ab4cb77a0af3e0b74cDebian Linux Security Advisory 3105-1 - Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the "mail" command.
3276ccbb50391322547e01d57c1b7e9bacbeee3a02b4097917699734e69e42daDebian Linux Security Advisory 3104-1 - It was discovered that bsd-mailx, an implementation of the "mail" command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.
006d3763516e5cdc42e37f601fa0a12bc73a61ca2f541385a1185543a6bcf8e7Mandriva Linux Security Advisory 2014-252 - In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data. This update adds support for the TLS Fallback Signaling Cipher Suite Value in NSS, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0, mitigating also known as POODLE. SSL 3.0 support has also been disabled by default in this Firefox and Thunderbird update, further mitigating POODLE.
70a783dd698c32c35cc4ba737ea20e314d2dfed051a171704672b2b3fa1c0075CA Release Automation (formerly CA LISA Release Automation) suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Versions 4.7.1 Build 413 and earlier are affected.
0653e6f753223236bc7e18d2e1538e854fd0951b8c497541ffb7dc11afb28484Intrexx Professional suffers from a reflective cross site scripting vulnerability.
7e1f202d877049840b07b7d324c3147e199962936a01d0c126c15f3a5a11435eRed Hat Security Advisory 2014-1995-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.
6f51d606ff7b3322c666a24390b0422e80a72849656f025ba3acfd45a4c38b2dIntrexx Professional suffers from a remote code execution vulnerability via unrestricted file upload.
14d46b9b3e12c5874cd180eacb54c90d7d73ac9a5b6b818cb3f7c048ffb88fd1Gentoo Linux Security Advisory 201412-17 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code. Versions prior to 9.10-r2 are affected.
03c0d395cdc0839362a464bc735af98cdf0e7ea963089096f746c47e2abb27c3Gentoo Linux Security Advisory 201412-16 - A vulnerability in CouchDB could result in Denial of Service. Versions less than 1.5.1 are affected.
02b20373a08dde3402f59bfb3d6c740876cd2b6091a5d5fbd9a9125427cc73c8Gentoo Linux Security Advisory 201412-15 - Two vulnerabilities have been found in MCollective, the worst of which could lead to privilege escalation. Versions less than 2.5.3 are affected.
021c1376b048a79a75436fc37fbfae7da062ca6f643172ebfe5d8e173a30a725Gentoo Linux Security Advisory 201412-14 - Two vulnerabilities have been found in Xfig, possibly resulting in execution of arbitrary code or Denial of Service. Versions less than 3.2.5c are affected.
c4cd03bdfcf2efbcc948e588b676a1e59d0484ec2def017bbefadbc83748ff2cMandriva Linux Security Advisory 2014-253 - It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode.
8336b360e16f0c2a346262a2b65d82bd0d946e35b938fddd29e48042ef43d491Gentoo Linux Security Advisory 201412-13 - Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code. Versions less than 39.0.2171.65 are affected.
472f37f52920da8f3ab68f22980796eede21209283a155935fc6646773c26c45Gentoo Linux Security Advisory 201412-30 - Multiple vulnerabilities have been found in Varnish, the worst of which could allow a remote attacker to create a Denial of Service condition. Versions less than 3.0.5 are affected.
3cc565ec381a268c4b834de945bc73e3d1b2fdcb65dc933c43c6010c2389a845Mandriva Linux Security Advisory 2014-242 - An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. The perl-YAML-LibYAML package is also affected, as it was derived from the same code. Both have been patched to fix this issue.
1a8807c1c97e97b6cf8af38ad94c0f12afed0808ef6f0169b73e64b3b4d7a808Mandriva Linux Security Advisory 2014-239 - In libFLAC before 1.3.1, a stack overflow. and a heap overflow. which may result in arbitrary code execution, can be triggered by passing a maliciously crafted.flac file to the libFLAC decoder.
cbbc26ea5cdb0eb3a0cdbdf8a01c1790ccfa0fedcb1fd4052bff4d93f5841954Mandriva Linux Security Advisory 2014-243 - Multiple vulnerabilities has been discovered and corrected in libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service via a long password. Cross-site scripting vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.
2a69f32ae47954054defc2d2e4957f21a079ef6d08cac1df6f4163573d18317dMandriva Linux Security Advisory 2014-244 - Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a long fileserver ACL entry. Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service via a large list from the IdToName RPC, which triggers a heap-based buffer overflow. OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption for Kerberos keys, which makes it easier for remote attackers to obtain the service key. The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. Buffer overflow in the GetStatistics64 remote procedure call in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service via a crafted statsVersion argument. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. The updated packages have been upgraded to the 1.4.15 version and patched to correct these issues.
f0ded20bf2adb359a6b497c84a94616df27c085b24333664b6ab70f9a03960e2Mandriva Linux Security Advisory 2014-245 - A flaw was discovered in mutt. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition. The mutt package has been updated to version 1.5.23 and patched to fix this issue.
041c79dcae85964278e5b7ed46bb61331c9b7ba9f5273229324b675b7d00e2afMandriva Linux Security Advisory 2014-251 - It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. It was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.
31f344d63d9baca0e56a33307bf5601a34d328596c0f178547bc7bd8c78ab69aMandriva Linux Security Advisory 2014-250 - Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. Additionally, a null pointer dereference in the copyin_link function which could cause a denial of service has also been fixed.
a8625283ecee460395d8476aec6cc661dd2cb703162b8a3f3d847a5f31745475
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed